Thursday, August 04, 2011

Exim in Debian

I was trying to configure Exim4 in debian for receiving and sending email occasionally.

First I have setup account in for my dynamic public IP.
#dpkg-reconfigure exim4-config
General type of mail configuration:  internet site; mail is sent and received directly using SMTP.
System mail name:
IP-addresses to listen on for incomming SMTP connections: // leave blank
Other destinations for which mail is accepted:
Domains to relay mail for: // leave blank
Machines to relay mail for: // leave blank
Keep number of DNS-queries minimal (Dial-on-Demand) ?: No
Delivery method for local mail: Maildir format in home directory
Split configuration into small files ? : No

You can add new account in Evolution mail as "maildir", sending SMTP localhost. done.....

If you face problem while sending mail, you might be interested to configure SMTP relay:

TLS and Authentication

Generate a certificate using:
#bash /usr/share/doc/exim4-base/examples/exim-gencert

It will generate exim.crt and exim.key in /etc/exim4/
You may simply copy certificates if you have bought it earlier.

#cd /etc/exim4
#vi exim4.conf.template

add the following line


To verify TLS we are installing diagnostic tool:
# apt-get install swaks libnet-ssleay-perl
Test the connection:
$ swaks -a -tls -q HELO -s localhost -au your_user -ap '<>'
=== Trying localhost:25...
=== Connected to localhost.
<-  220 debianwb ESMTP Exim 4.76 Thu, 04 Aug 2011 14:22:02 +0600
 -> EHLO debianwb
<-  250-debianwb Hello localhost []
<-  250-SIZE 52428800
<-  250-STARTTLS
<-  250 HELP
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO debianwb
<~  250-debianwb Hello localhost []
<~  250-SIZE 52428800
<~  250 HELP
 ~> QUIT
<~  221 evie closing connection
We were sending an empty pass while testing swaks.
Now, we will add authentication schema.
For the shell users we are using SASL, which uses PAM for password authentication.

#apt-get install sasl2-bin

To enable:
#vi /etc/default/saslauthd
start the deamon
#/etc/init.d/saslauthd start

#vi /etc/exim4/exim4.conf
Un-comment the following line authentication via saslauthd:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

Add exim to sasl group
#adduser Debian-exim sasl

Test the connection using your username:
#swaks -a -tls -q AUTH -s localhost -au your_user

you may need to add
#vi /etc/hosts    your_domain

Enableing IMAP access:
#apt-get install courier-imap courier-imap-ssl
Create directories for web-based administration -> No
You may install "File Access Monitor" daemon to check other folders beside Inbox:
# apt-get install fam
 Check this link for details information.

Optionally you can check for X.509 Certificate:
# vi /etc/courier/imapd.cnf

If you do not want to use the default certificate, after edit the imapd.cnf, you may generate using:
# mkimapdcert

If you are behind a router, forward port 25, 143, 706, 993 to your server.


Wednesday, August 03, 2011

secure wipe

#apt-get install secure-delete

It will provide the following tools for secure wiping:

srm - secure remove (secure_deletion toolkit)
$srm file_name
$srm -r folder_name

There is already another tool "shred" comes with "coreutils" package in Debian:
coreutils - GNU core utilities
shred - overwrite a file to hide its contents, and optionally delete it
$shred file_name

sfill  -  secure free disk and inode space wiper (secure_deletion toolkit)
#sfill /mount_point/

sswap - secure swap wiper (secure_deletion toolkit)

Turn off swap first :
 #swapoff /dev/sdaX
#swapoff -a  //to turn off all swap
Now run sswap:
#sswap /dev/sdaX 
sdmem - secure memory wiper (secure_deletion toolkit)

There is some limitation of these tools.
Please use manual pages of individual package for details information.